While Facebook has faced massive scrutiny over the last year when it comes to privacy and security, their other major social network, Instagram, has managed to stay clear of the spotlight. Until now. Over the weekend, it was revealed that a new security flaw could have inadvertently exposed Instagram passwords to public view.
In April this year, Instagram launched a new tool that allowed users to download their personal data as part of their compliance with the European Union’s new General Data Protection Regulation. But a flaw in that tool resulted in their passwords being accidentally exposed in the URL of their web browsers. If a user was on a public computer others could see the password.
Security experts say that if the passwords were being securely stored that this should not have been possible, pointing to a deeper weakness.
Instagram has sent a notice to users about this, recommending they change their passwords and clear their browser history.
While we still depend on passwords – something Microsoft is trying to eradicate – the best thing you can do to protect your user accounts is to use complex passwords and employ two-factor authentication whenever you can.